Experimenting with the POST /rooms/{token} call whilst implementing the standalone client rooms. I found an issue with refresh. I'd forgotten to put the Authentication error in, but rather than an authentication failure, I got:
"Server error" "HTTP 410 Gone" Object { code: 410, errno: 111, error: "Participation has expired." }
If I have an invalid session token in the Authentication header, then I get a 401.

Comment on attachment 8525951[details][review]
Link to GitHub PR.
The test looks fine - I just retested it locally with 0.13.2 and its working fine now.
My guess is that the bug that we initially had where refresh wasn't properly acted upon for the standalone non-hawk refresh fixed this.
Still might be worth landing the test though.